* ext/openssl/ossl_ssl.c (ossl_sslctx_session_new_cb): Return 0 to

  OpenSSL from the callback for SSL_CTX_sess_set_get_cb().
  Returning 0 means to OpenSSL that the the session is still valid
  (since we created Ruby Session object) and was not freed by us with
  SSL_SESSION_free(). Call SSLContext#remove_session(sess) in
  session_get_cb block if you don't want OpenSSL to cache the session
  internally.
  This potential issue was pointed by Ippei Obayashi. See #4416.

* test/openssl/test_ssl_session.rb (test_ctx_server_session_cb): Test
  it.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32204 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

0 files changed, 0 insertions, 0 deletions